LAN Manager hash

Guest
Archived from groups: microsoft.public.win2000.security

Hi All,

I want to enable "Do not store LAN Manager hash value on next password
change".
I read that I will need to change the password on all accounts after
enabling this setting.
Does this mean that all my users will get a notification that they need to
change their passwords, or is it only a recommendation?

Thanks in advance!

Nir B
 
Guest

Hi,

This is only a recommendation. There will be no user notification after you
enable the policy.

If your password policy is set to e.g. users must change password after
every 70 days, you know that after 70 days all users' passwords will be
stored as NT hashes. Don't forget to change e.g. service account passwords
(e.g. for backup). These accounts are usually set to "password never
expires". Besides that, they usually have higher privileges on the network,
so it is even more important to get rid of LM hashes.

Mike

"Nir B" <nir@icomverse.com> wrote in message
news:OY58v912EHA.2192@TK2MSFTNGP14.phx.gbl...
> Hi All,
>
> I want to enable "Do not store LAN Manager hash value on next password
> change".
> I read that I will need to change the password on all accounts after
> enabling this setting.
> Does this mean that all my users will get a notification that they need to
> change their passwords, or is it only a recommendation?
>
> Thanks in advance!
>
> Nir B
>
>
 
Guest

10X

"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:#8a8eB22EHA.3408@tk2msftngp13.phx.gbl...
> Hi,
>
> This is only a recommendation. There will be no user notification after you
> enable the policy.
>
> If your password policy is set to e.g. users must change password after
> every 70 days, you know that after 70 days all users' passwords will be
> stored as NT hashes. Don't forget to change e.g. service account passwords
> (e.g. for backup). These accounts are usually set to "password never
> expires". Besides that, they usually have higher privileges on the network,
> so it is even more important to get rid of LM hashes.
>
> Mike
>
> "Nir B" <nir@icomverse.com> wrote in message
> news:OY58v912EHA.2192@TK2MSFTNGP14.phx.gbl...
> > Hi All,
> >
> > I want to enable "Do not store LAN Manager hash value on next password
> > change".
> > I read that I will need to change the password on all accounts after
> > enabling this setting.
> > Does this mean that all my users will get a notification that they need to
> > change their passwords, or is it only a recommendation?
> >
> > Thanks in advance!
> >
> > Nir B
> >
> >
>
>
 
Guest

You can consider configuring all the accounts to "require user to change
password at next login." This can even be done with a script, using
CUSRMGR.EXE [doesn't come with Windows, is part of the Windows Resource Kit]
or with a free ADSI .VBS script that can be found on Google, if you are
using Windows 2000 or 2003. I would avoid setting this value on service
accounts, and this value can cause problems for users that typically log in
using RAS or VPN or Internet or any other method besides the Windows logon
by pressing CTRL-ALT-DELETE while physically attached to your internal
network.


"Nir B" <nir@icomverse.com> wrote in message
news:e%23qi9K22EHA.2196@TK2MSFTNGP14.phx.gbl...
> 10X
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:#8a8eB22EHA.3408@tk2msftngp13.phx.gbl...
> > Hi,
> >
> > This is only a recommendation. There will be no user notification after
> > you enable the policy.
> >
> > If your password policy is set to e.g. users must change password after
> > every 70 days, you know that after 70 days all users' passwords will be
> > stored as NT hashes. Don't forget to change e.g. service account passwords
> > (e.g. for backup). These accounts are usually set to "password never
> > expires". Besides that, they usually have higher privileges on the
> > network, so it is even more important to get rid of LM hashes.
> >
> > Mike
> >
> > "Nir B" <nir@icomverse.com> wrote in message
> > news:OY58v912EHA.2192@TK2MSFTNGP14.phx.gbl...
> > > Hi All,
> > >
> > > I want to enable "Do not store LAN Manager hash value on next
> > > password change".
> > > I read that I will need to change the password on all accounts after
> > > enabling this setting.
> > > Does this mean that all my users will get a notification that they
> > > need to change their passwords, or is it only a recommendation?
> > >
> > > Thanks in advance!
> > >
> > > Nir B
> > >
> > >
> >
> >
>
>
 
Guest

Just to add that you may want to force sensitive accounts such as
administrators to change their passwords right away and let other users do
so at their next interval. Additionally, you would want to consider enabling
password complexity for the domain if you have not done so already and
disabling storage of the LM hash for your non-DC servers to make it harder to
crack local administrator accounts on those computers. --- Steve


"Nir B" <nir@icomverse.com> wrote in message
news:OY58v912EHA.2192@TK2MSFTNGP14.phx.gbl...
> Hi All,
>
> I want to enable "Do not store LAN Manager hash value on next password
> change".
> I read that I will need to change the password on all accounts after
> enabling this setting.
> Does this mean that all my users will get a notification that they need to
> change their passwords, or is it only a recommendation?
>
> Thanks in advance!
>
> Nir B
>
>
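
An added example, not code from any poster in this thread: a sketch that sorts accounts by whether a stored LM hash may still exist after the policy is turned on, using the points raised above (passwords rotate at the maximum age, "password never expires" accounts need a manual change, and "must change at next logon" clears nothing until the change happens). It assumes an export of (name, pwdLastSet, userAccountControl) per account; the function name, account names and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: "password never expires"
NORMAL_ACCOUNT = 0x0200         # userAccountControl bit: ordinary user account
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """pwdLastSet is stored as 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def lm_hash_exposure(accounts, policy_enabled_at, max_age_days):
    """Group accounts by LM hash status; return (report, rotation deadline)."""
    report = {"cleared": [], "pending_rotation": [], "manual_reset": []}
    for name, pwd_last_set, uac in accounts:
        # pwdLastSet == 0 means "must change at next logon": the old hashes
        # stay in place until the user actually sets a new password.
        changed = pwd_last_set != 0 and \
            filetime_to_dt(pwd_last_set) >= policy_enabled_at
        if changed:
            report["cleared"].append(name)        # new password, no LM hash stored
        elif uac & DONT_EXPIRE_PASSWORD:
            report["manual_reset"].append(name)   # will never rotate on its own
        else:
            report["pending_rotation"].append(name)
    # Expiring accounts should all have changed by this date (if they log on).
    deadline = policy_enabled_at + timedelta(days=max_age_days)
    return report, deadline

def _ft(y, m, d):
    return dt_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample data (assumption: policy enabled 2004-12-01, 70-day max age).
POLICY_ON = datetime(2004, 12, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("alice", _ft(2004, 12, 10), NORMAL_ACCOUNT),
    ("bob", _ft(2004, 10, 5), NORMAL_ACCOUNT),
    ("svc_backup", _ft(2003, 3, 1), NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD),
    ("carol", 0, NORMAL_ACCOUNT),  # flagged "must change at next logon"
]

if __name__ == "__main__":
    report, deadline = lm_hash_exposure(SAMPLE, POLICY_ON, 70)
    for status, names in report.items():
        print(f"{status}: {', '.join(names) or '-'}")
    print("expiring accounts rotated by:", deadline.date())
```
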